Re: [tlug] file permssions SCP

[Matt Doughty <wyndigo@example.com>]

On Thu, May 22, 2003 at 08:50:13AM +0900, James Cluff wrote:
<SNIP>
> 
> Of course I realize that Unix is used for multiple users and that it would
> be difficult to "fix" the system if I removed x privledges from other for
> the entire system, but it also seems like it would be easier to nail down
> security if by default users had no priveledges and then priveldges where
> given to them by adding them to groups with priveledges.  No I am not ready
> to change my system that way, today, it is just a thought.

here is another thought. What you want is a system that isn't *nix. You
are correct that it is inherrently more secure to only grant access as
needed, but that is a fundamentally different security paradigm. I would
postulate that if you were to try to retrofit such a security model on
a *nix system you would spend all your time trying to get the software
that is used by the rest of the *nix world to work on your system.

> 
> I have logged into many linux systems through the internet where I was able
> to access a lot more of their system than I should have been able to since I
> was practically an anonymous user and this always seemed like someone
> screwed up, and if someone wanted to hijack this machine, they probably
> could.

Why do you think this? Because you can read a lot of directories you assume
it is trivial to achieve priv. elevation?  I assure you if I gave you a shell
account on one of my boxen you could move all over the place, but good luck
trying to crack it.  You would certainly be the first.  The reality is the
ability to easily move around the file system is deceiving.  The boxes were
probably not nearly as open as you think.

> 
> I did search quite a bit on the web before sending my e-mail, so did not
> feel like it was a bad idea to see how other people handled this situation,
> I thought that is what the list was for to share how we are using or would
> like to use linux.
> 
<SNIP>
> 
> Because someone asks a question, it shouldn't be assumed they don't have
> some answers already, or haven't researched the issue.  I just wanted to
> find out what everyone else was doing before I made a decision, I didn't
> think that I was the only one on this list that may have had this issue.
> 

It would be better if you showed that you had made an effort. If for example
you said: "I found a possible solution is X and while Y is an option it
doesn't really do what I want.  How are you guys handling this sort of
situation?" it would go a long way to negate the flood of RTFM and STFW
responses.  If you have made an effort please show us. I'm sure a few
people on this list can tell you I reached a snapping point where I was
being a serious BOFH to people because I got sick of all the RTFM questions.

Now as for help. It sounds like you decided that a chroot jail is the 
solution for you, but another interesting option is apache and webdav.
use that with SSL and MD5 digest auth. or something even more robust
and you have a system that is inherently jailed, and doesn't require
the creation of a system account. I would probably still go with scp
but webdav provides and interesting alternative.

--Matt